< BACK TO NEWS
importantSYS.SOURCE: The Hacker News2026-07-13T11:06:02+05:30

Critical Zero-Day Exploits in iCagenda and Balbooa Forms Joomla Extensions

Two critical zero-day vulnerabilities in Joomla extensions iCagenda and Balbooa Forms (CVSS 10.0) are actively exploited, enabling remote code execution through unauthenticated file uploads. CISA added these to its KEV catalog, with urgent fixes required for federal agencies and CMS users.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two maximum-severity security flaws impacting iCagenda and Balbooa extensions for Joomla to its Known Exploited Vulnerabilities (KEV) catalog, following reports of zero-day exploitation in the wild.

The vulnerabilities, both rated 10.0 on the CVSS scoring system, are below -

CVE-2026-48939 - A vulnerability in the

Read original article

*** END OF TRANSMISSION ***